﻿--[[
Rule name: Header vulnerability
Filtering stage: Request phase
Threat level: Critical
Rule description: The httpoxy vulnerability can be used to set up illegal proxies for CGI environments, thereby stealing sensitive server data. The if and lock_token HTTP headers can cause overflow attacks in CVE-2017-7269 (IIS 6.0 WebMAV remote code execution vulnerability).
--]]


if waf.reqHeaders.proxy ~= nil then
    return true, "Proxy: " .. waf.reqHeaders.proxy, true
end

if waf.reqHeaders.lock_token ~= nil then
    return true, "Lock-Token: " .. waf.reqHeaders.lock_token, true
end

if waf.reqHeaders["If"] ~= nil then
    return true, "If: " .. waf.reqHeaders["If"], true
end

return false